WannaCry: The Next Wave of Ransomware

All About WannaCry Ransomware

A global attack that began on Friday, May 12, 2017, and infected over 200,000 computers in 150 countries has been halted, thanks to the cybersecurity researcher known as MalwareTech, with help from Darien Huss of the security firm Proofpoint.

MalwareTech accidentally came across a domain name that happened to be a kill switch built into the malware and was able to stop the virus by registering the domain. The worm, a type of virus, has been dubbed WannaCry, WannaCrypt, WanaCrypt0r 2.0, or Wanna Decryptor. Encrypted files are given the extension .wnry, .wcry, .wncry, or .wncryt, so an infected file will have one of those extensions at the end of its name.
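An added example, not part of the original article: a defensive triage script that walks a directory tree and reports, per folder, how many files carry one of the extensions listed above. The function names and the report format are assumptions made for illustration.

```python
import os
from collections import Counter
from pathlib import Path

# Extensions this page lists for WannaCry-encrypted files.
WANNACRY_EXTENSIONS = {".wnry", ".wcry", ".wncry", ".wncryt"}


def is_wannacry_name(name: str) -> bool:
    """True if the final extension is one from the page (case-insensitive)."""
    return Path(name).suffix.lower() in WANNACRY_EXTENSIONS


def scan_tree(root: str) -> dict:
    """Walk root and count affected vs. total files per directory.

    Returns {directory: (affected, total)} for directories with at least
    one match, so a responder can see how far encryption has spread.
    """
    affected, total = Counter(), Counter()
    # onerror skips unreadable directories instead of aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            total[dirpath] += 1
            if is_wannacry_name(name):
                affected[dirpath] += 1
    return {d: (affected[d], total[d]) for d in affected}


def report(root: str) -> list:
    """Human-readable lines, worst-hit directories first."""
    hits = scan_tree(root)
    ordered = sorted(hits.items(), key=lambda kv: kv[1][0], reverse=True)
    return [f"{d}: {a}/{t} files carry a WannaCry extension"
            for d, (a, t) in ordered]


if __name__ == "__main__":
    import sys
    for line in report(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(line)
```

A directory where most files match is a strong sign that encryption ran there, which helps decide which shares to restore from backup first.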

The malicious software WannaCry, a virus, demanded ransom payments of $300 in bitcoin. Bitcoin is a nearly anonymous and untraceable payment method known as a cryptocurrency. It is an entirely digital currency, harmless in itself, but well suited to this purpose. The currency is legitimate and has its own market.

The malware exploited a vulnerability in Windows Server Message Block version 1 (SMBv1), a file sharing protocol implemented in Microsoft Windows. SMBv1 is outdated, and the exploit succeeded primarily because updates had not been applied quickly enough. In the case of Windows XP, a custom support-only OS, Microsoft will take steps to provide public patches. This all ties back to the NSA breach in summer 2016, when the hacker group Shadow Brokers published leaks containing hacking tools from the National Security Agency.

What is Ransomware?

Ransomware has been a hot topic recently because of the growing threat it poses. Unfortunately, the attacks are nearly untraceable and are growing in popularity among an unsavory community of individuals. The effect on our daily lives can be far-reaching. In the past, companies have been forced to revert to pen and paper for a week to recover from an attack. This may not seem so bad, but when all of a company's pertinent information is stored digitally, that can be detrimental to a business. Note that having a managed service provider (MSP) that can quickly restore backed-up data after an attack is a great measure for preventing lengthy downtime. An MSP is a company that manages information technology remotely and can be an essential extension of in-house IT, especially in key areas of cyber security, by providing offsite backup of data and real-time monitoring of network systems.

Ransomware itself is a type of malicious software (malware), colloquially known as a virus, which uses cryptography to encrypt all data on a computer. When data is encrypted, it is essentially behind lock and key. The attacker behind the ransomware holds the key and uses it to extort money from people in exchange for decrypting their data.

People can become infected in numerous ways but commonly fall prey to phishing emails, online ads, and the sharing of infected documents. Cloud services have been targeted by that last method, which can infect entire networks. Again, a good MSP is able to monitor the cloud to help prevent an attack and to speed up recovery after one.

Security for Your Business: Stopping the Virus

Most businesses today store data digitally, making cyber security a larger initiative than ever. With cybercrime ever increasing, businesses seek solutions to prevent and solve threats to sensitive data. The goal is never to need to stop the virus, but this is the real world where mistakes do happen.

For the tech savvy: use Task Manager to check the running processes, and disconnect from the network immediately if something unknown is spotted.

At the end of the day, for absolute security, having the proper monitored security implemented on your system and a proper backup will save the day. If you have a digital copy of your information and files, the attacker can’t force anyone to pay for what they already have. Craftech offers data backup and recovery business services and more, and we will happily answer your questions.